On May 29, 2012, Attorney General Bill Sorrell, Facebook, and Essex High School hosted a presentation for parents, students, and school staff to show them how to be safe when using Facebook. Topics discused included:

What are the online threats to your business, your customers, and your reputation?

What should you be doing to protect private information?

What are your legal responsibilities if you get attacked online?

Cyber safety workshops have been held in Montpelier (June 20, 2012) and Burlington (September 12, 2012). You can view the June 20, 2012 presentation here and here. Additional workshops are being planned.

Scan Vermont: Norwich University will provide free data security scans for small businesses to help keep your online presence secure. If you are interested in this program, please submit an application here.

The Vermont Office of the Attorney General in partnership with the Norwich University Center for Advanced Computing and Digital Forensics (NUCAC-DF) will present a day-long seminar in data security for small business. Using a boot camp format, attendees will be taken through the core technologies for securing networks, the technical side of PCI (Payment Card Industry) security requirements and what to do to comply, and important issues such as controlling malware, detecting intrusions and responding to attacks.

One of the more interesting points to be covered is a look at how cyber criminals attack a system. Attendees will get a chance to perform actual hack attacks and configure servers to resist those attacks. The approach is heavily hands-on and the class will be conducted in the NUCAC-DF’s Cyber Weapons Range War Room which also houses the Norwich Threat Analysis Center (NTAC). The War Room connects directly to the NUCAC-DF’s $2 million virtual computing center, a system separate from the University network and designed for lab-based classes such as this one.

Attendees will largely be those responsible for supporting the technical aspects of small business computing systems in Vermont.

Privacy and Data Security Legislation Discussion: The Attorney General has been working with stakeholders to determine what legislation would protect Vermont consumers and businesses online? Roundtable discussions were held on August 8 and November 27, 2012. A listserv has been set up to circulate proposed language and to discuss potential legislation. If you are interested in being on the listserv, contact: ago.datasecurity@state.vt.us.

In order to better serve the needs of Vermont's online community, and to understand how e-commerce is conducted in Vermont, we would like you to fill out this survey.

Personal information such as Social Security Numbers and credit and debit card numbers must be kept confidential and secure under Vermont law. This page describes how businesses and state agencies must protect consumers’ personal information and notify consumers in the event of a data security breach.

More information about how consumers and businesses can protect personal information is available under the list of Additional Resources below. If you are concerned that someone is using your personal information to commit identity theft, please refer to our information on Identity Theft.

Vermont’s Security Breach Notice Act requires businesses and state agencies to notify consumers in the event a business or state agency suffers a “security breach.” A security breach is defined as the “unauthorized acquisition or access of computerized data that compromises the security, confidentiality, or integrity of personal information maintained by the [business or state agency].” 9 V.S.A. § 2430(8).

In addition, any person has the right to request that a town clerk or clerk of court remove from a record placed on a town’s or court’s public website the person’s Social Security Number, employer taxpayer identification number, driver’s license number, state identification number, passport number, checking account number, savings account number, credit card or debit card number, or personal identification number (PIN) or password. 9 V.S.A. § 2440(f).